Question Period Note: BILL C-26, AN ACT RESPECTING CYBER SECURITY, AMENDING THE TELECOMMUNICATIONS ACT, AND MAKING CONSEQUENTIAL AMENDMENTS TO OTHER ACTS

What is the purpose of Bill C-26?

• Canada must take steps to protect critical infrastructure including the security and reliability of Canadian networks.

• Through Bill C-26, the Government of Canada is proposing to strengthen Canada’s telecommunications framework to respond to risks whether they are cyber threats or natural disasters and extreme weather.

• Amending the Telecommunications Act as intended would provide the government with legislative authority to promote the security of Canada’s telecommunications system.

• The proposed legislative amendments align with actions taken by Canada’s Five Eyes partners and will allow Canada to take strong action against threats to the security of our telecommunications sector.

• On June 14, 2022, the Government of Canada tabled Bill C-26, an Act respecting cyber security, amending the Telecommunications Act, and making consequential amendments to other Acts.
• The Bill passed through a systematic examination of each clause at the Public Safety and National Security (SECU) standing committee on April 8, 2024.
• It was passed by the House on June 19, 2024 and has advanced to second reading in the Senate.
• Bill C-26 comprises two main elements:
• Part 1 of Bill C-26 proposes amendments to the Telecommunications Act (TA) that would establish new authorities that enable the government to take action to promote the security of the Canadian telecommunications system, which could include taking measures with respect to high risk suppliers, as well as information sharing and enforcement powers.
o A new policy objective would be added to promote the security of the Canadian telecommunications system, enabling the Minister of Industry and the Canadian Radio-television and Telecommunications Commission (CRTC) to consider this objective when exercising their respective powers under the TA. It would allow for the same thing under the Radiocommunication Act which incorporates the TA objectives by reference.
o The legislation would enable the Governor in Council to impose prohibitions on the use of products and services from specific suppliers by Canada’s telecommunication services providers (TSPs), should those products be deemed to pose a risk to the security and reliability of the Canadian telecommunications system.
o Additional authorities to promote the general security of the Canadian telecommunications system would rest with the Minister of Industry. The Minister would also be provided with information-sharing powers and enforcement authorities.
• Part 2 of Bill C-26, which is led by the Minister of Public Safety, would enact the Critical Cyber Systems Protection Act. That act would establish a regulatory framework to strengthen baseline cyber security for services and systems that are vital to national security and public safety, and give the Government a new tool to respond to emerging cyber threats. It would also introduce a regulatory regime requiring designated operators in the finance, telecommunications, energy and transportation sectors to protect their critical cyber systems. The legislation addresses longstanding gaps in the Government’s ability to protect the vital services and systems Canadians depend on by enabling it to:
o designate services and systems that are vital to national security or public safety in Canada as well as the operators or classes of operators responsible for their protection;
o ensure that designated operators are protecting the cyber systems that underpin Canada’s critical infrastructure;
o ensure that cyber incidents that meet or exceed a specific threshold are reported;
o compel action by organizations in response to an identified cyber security threat or vulnerability; and
o ensure a consistent cross-sectoral approach to cyber security in response to the growing interdependency of cyber systems.
• The House of Commons Standing Committee on Public Safety and National Security (SECU) made several amendments to Bill C-26 in response to concerns raised by stakeholders and the public.
o Industry stakeholders generally supported the bill and understood its objectives, but raised concerns during the committee study around privacy protection, transparency, oversight and costs.
o Amendments were made which respond to those key issues, including by adding text to clarify and strengthen the treatment of personal and confidential information, and implement transparency measures for new powers.
o Industry representatives focused on the monetary penalty authority. In response, an explicit ‘due diligence’ defence was added to provide added protection for the sector.
o These changes respond to key stakeholder concerns, while ensuring the legislation can accomplish its goals.

If pressed on the status of the Bill C-26
• The Bill has passed the House of Commons with strong support from members of all parties.

• We particularly appreciate the hard work at the committee stage to further strengthen the Bill.

• Because of thoughtful stakeholder comments, the amendments now add text clarifying the treatment of personal and confidential information, improved transparency measures proposed in the Bill, and a ‘due diligence’ defence to provide added protection for the sector.

• The Government of Canada looks forward to the passing of this important bill for protecting Canada's telecommunications system.

If pressed on global actions
• Canada’s critical infrastructure is becoming increasingly interconnected, interdependent, and integrated with cyber systems, particularly with the emergence of new technologies.
• The proposed legislative amendments align with actions taken by Canada’s Five Eyes partners and will allow Canada to take strong action against threats to the security of our telecommunications sector.